[dns-operations] CloudShield advices against dDoS

SM sm at resistor.net
Thu Feb 21 07:26:24 UTC 2013

At 16:15 20-02-2013, Vernon Schryver wrote:
>On the other hand, this statement in that document might suggest
>confusion about DNSSEC:
>     Even if DNSSEC were deployed broadly, it still would not ensure
>     that DNS for a domain could not be misdirected. This is because
>     DNSSEC does nothing to ensure that the listed authoritative name
>     server for a domain name is one that is legitimately controlled
>     by the owner of the domain name.
>Or maybe the definition of "legitimately controlled" is unrelated to
>delegations from parent domains.
>Or maybe he is thinking of regimes in which the bad guys control
>the root trust anchors on all computers.

I read it as meaning that listed authoritative name server is changed 
by someone else through the "web panel".


More information about the dns-operations mailing list